package com.nit.store.security.config;



import com.nit.store.security.filter.JwtAuthenticationFilter;
import com.nit.store.security.handler.MyAccessDeniedHandler;
import com.nit.store.security.handler.MyAuthenticationEntryPoint;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpMethod;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;


@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)//添加此注解才可以在控制器方法上配置权限
public class SecurityConfiguration extends WebSecurityConfigurerAdapter {

    @Autowired
    private MyAccessDeniedHandler myAccessDeniedHandler;
    @Autowired
    private MyAuthenticationEntryPoint myAuthenticationEntryPoint;

    @Autowired
    private JwtAuthenticationFilter jwtAuthenticationFilter;

    @Bean
    public PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }


    @Override
    public void configure(WebSecurity web) throws Exception {
        // 配置静态文件不需要认证
        web.ignoring().antMatchers(
                "/web/**",
                "/bootstrap3/**",
                "/css/**",
                "/images/**",
                "/js/**",
                "/avatars/**"
        );
    }
    @Override
    protected void configure(HttpSecurity http) throws Exception {
//        //关闭跨域--允许跨域
//        http.cors().and().csrf().disable()
//                .authorizeRequests()
//                .antMatchers(
//                        "/users/login",
//                        "/users/reg",
//                        "/districts/"
//                ).permitAll()
//                .anyRequest().authenticated();
        //和登录注册有关的页面和请求，页面相关静态资源（images css js...）
        String[] urls = {
//                "/bootstrap3/**",
//                "/**/*.css",
//                "/**/*.html",
//                "/**/*.js",
//                "/favicon.ico",
//                "/static/**",
//                "/avatars/**",
//                "/images/**",
//                "/users/reg",
//                "/users/login",
//                "/users/password/change",
//                "/users/info/show",
//                "/users/info/change",
//                "/users/avatar/change"
        };


        //等需要登录时启动表单登录
        http.formLogin()
                .and().cors().
                and().csrf().disable()
                //注册未认证处理器
                .exceptionHandling().authenticationEntryPoint(myAuthenticationEntryPoint)
                //注册权限不足处理器
                .accessDeniedHandler(myAccessDeniedHandler)
                .and()
                //设置无状态的连接,即不创建session
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
                .authorizeRequests()
                .antMatchers( "/users/login","/users/reg").permitAll()
                .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
                //配置允许匿名访问的路径
                .anyRequest().authenticated();

            //配置自己的jwt验证过滤器
            http
                .addFilterAt(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class);

    }
}
